TEMPORAL PROXIMITY TO VERIFY PHYSICAL PROXIMITY 



BACKGROUND OF THE INVENTION 

1. Field of the Invention 

This invention relates to the field of data protection, and in particular to protecting data 
from illicit copying from a remote location. 

2. Description of Related Art 

The protection of data is becoming an increasingly important area of security. In many 
situations, the authority to copy or otherwise process information is correlated to the physical 
proximity of the information to the device that is effecting the copying or other processing. For 
example, audio and video performances are recorded on CDs, DVDs, and the like. If a person 
purchases a CD or DVD, the person traditionally has a right to copy or otherwise process the 
material, for backup purposes, to facilitate use, and so on. When the person who purchased the 
material desires to use the material, it is not unreasonable to assume that the person will have the 
CD or DVD within physical proximity of the device that will use the material. If, on the other 
hand, the person does not have proper ownership of the material, it is likely that the person will 
not have physical possession of the material, and hence, the material will be physically remote 
from the device that is intended to use the material. For example, the illicit copying or rendering 
of material from an Internet site or other remote location corresponds to material being 
physically remote from the device that is used to copy the material. 

In like manner, security systems are often configured to verify information associated 
with a user, such as verifying biometric parameters, such as fingerprints, pupil scans, and the 
like. In a simpler example, security systems are often configured to process information provided 
by a user, such as information contained on an identification tag, smartcard, etc. Generally, the 
information or parameters can be provided easily by an authorized user, because the authorized 
user is in possession of the media that contains the information. An unauthorized user, on the 
other hand, will often not have the original media that contains the verification information, but 
may have a system that can generate/regenerate the security information or parameters from a 
remote location. Similarly, some systems, such as an office LAN, or computers in a laboratory, 
are configured to be secured by controlling physical access to terminals that are used to access 
the system. If the user has access to the system, the assumption is that the user is authorized to 
access the system. Some security measures, such as identification verification, are sometimes 
employed, but typically not as extensively as the security measures for systems that lack physical 
isolation. 

BRIEF SUMMARY OF THE INVENTION 
It is an object of this invention to provide a system or method of preventing the use of 
material in the absence of evidence that the material is in the physical possession of the user. It is 
a further object of this invention to prevent the use of material in the presence of evidence that 
the material is remote from the device that is intended to use the material. It is a further object of 
this invention to prevent access to systems in the presence of evidence that the user is remote 
from the system. 

These objects and others are achieved by providing a security system that assesses the 
response time to requests for information. Generally, physical proximity corresponds to temporal 
proximity. If the response time indicates a substantial or abnormal lag between request and 
response, the system assumes that the lag is caused by the request and response having to travel 
a substantial or abnormal physical distance, or caused by the request being processed to generate 
a response, rather than being answered by an existing response in the physical possession of a 
user. If a substantial or abnormal lag is detected, the system is configured to limit subsequent 
access to protected material by the current user, and/or to notify security personnel of the 
abnormal response lag. 

BRIEF DESCRIPTION OF THE DRAWINGS 
The invention is explained in further detail, and by way of example, with reference to the 
accompanying drawing wherein: 

FIG. 1 illustrates an example control access system in accordance with this invention. 

Throughout the drawing, the same reference numerals indicate similar or corresponding 
features or functions. 



701423 PATENT APPLICATION 






25 June 2001 



DETAILED DESCRIPTION OF THE INVENTION 
For ease of reference and understanding, the invention is presented herein in the context 
of a copy-protection scheme, wherein the processing of copy-protected material is controlled via 
a verification that the user of the material is in physical possession of the copy-protected 
material. 

FIG. 1 illustrates an example control access system 100 in accordance with this 
invention. The control access system 100 includes a processor 120 that is configured to process 
material from a physical media, such as a CD 130, via an access device, such as a reader 132. 
The processor 120 may be a recording device that records one or more songs from the CD 130 
onto a memory stick, onto a compilation CD, and so on. The processor 120 may also be a 
playback device that is configured to provide an output suitable for human perception, such as 
images on a screen, sounds from a speaker, and so on. The term "rendering" is used herein to 
include a processing, transformation, storage, and so on, of material received by the processor 
120. Using this context and terminology, the example processor 120 includes a renderer 122 that 
provides the interface with the access device 132, and a verifier 126 that is configured to verify 
the presence of authorized material 130. 

When a user commences the rendering of material from the media 130, the processor 120 
is configured to verify the presence of the media 130. One method of effecting this verification is 
to request the access device 132 to provide evidence that the media 130 is available to provide 
material or information that differs from the material that the user is attempting to render. For 
example, if the user commences the rendering of a song, the verifier 126 may direct the renderer 
122 to request a portion of a different song from the access device 132. If the access device is 
unable to provide the requested portion of a different song, the verifier 126 can conclude that the 
media 130 is not actually present for rendering, and will terminate subsequent rendering of the 
material that the user intended to render, via the gate 124. For example, a user may illicitly 
download a selection of different copy-protected songs from a remote site 140 on the Internet 
144, and then attempt to create a compilation CD containing these user-selected songs. 
Typically, the size of an entire album of material discourages the downloading of each album 
that contains the user-selected songs. When the verifier 126 requests a portion of a different song 
from the album corresponding to an actual CD 130, the user who downloaded only the user-selected 
song from the album will be prevented from further rendering of the downloaded 
material. 

A variety of techniques may be employed to assure that the material provided in response 
to the request corresponds to the material that is contained on the actual CD 130. For example, 
copending U.S. patent application "Protecting Content from Illicit Reproduction by Proof of 
Existence of a Complete Data Set via Self-Referencing Sections", U.S. serial number 
09/536,944, filed 28 March 2000 for Antonius A. M. Staring, Michael A. Epstein, and Martin 
Rosner, Attorney Docket US000040, and incorporated by reference herein, teaches a self- 
referential data set wherein each section of a data set, such as a copy-protected album, is 
uniquely identified by a section identifier that is securely associated with each section. To assure 
that a collection of sections are all from the same data set, an identifier of the data set is also 
securely encoded with each section. Using exhaustive or random sampling, the presence of the 
entirety of the data set is determined, either absolutely or with statistical certainty, by checking 
the section and data-set identifiers of selected sections. 

The verification provided by the verifier 126 as described above can be defeated, 
however, by responding to the requests from the renderer 122 from the remote site 140 that 
contains the entirety of the album. That is, rather than downloading the entire album from the 
remote site 140, the illicit user need only download the desired song, and imitate the presence of 
the actual CD 130 by providing a CD imitator 142 that provides access to requested material or 
portions of material via the Internet 144. When the verifier 126 requests a portion of a song, or 
section of a data set, the CD imitator 142 transforms the request into a download request from 
the remote site 140, and the requested section is provided to the renderer 122, as if it was 
provided from the CD 130. Assuming that, for practical purposes, the verifier 126 will be 
configured to only check for a few sections in an album, the use of the CD imitator 142 will 
result in a substantially reduced amount of data transfer, compared to the downloading of the 
entire album, and is thus preferable for the illicit download of select songs. 

In accordance with this invention, the processor 120 includes a timer 128 that is 
configured to measure the time between a request from the verifier 126 and a response from an 
external source, either the actual CD 130, or the remote source 140, to facilitate an assessment 
by the verifier 126 of the physical proximity of the source of the response. In a preferred 
embodiment, the verifier 126 is configured to filter or average the response times, so as to allow 
for minor perturbations in the response time from an authorized source 130, while still being 
able to distinguish a response from a physically remote source 140. For example, using 
conventional statistical techniques, the verifier 126 may continue to request sections from the 
unknown source until a statistically significant difference from the expected response time of a 
local source 130 is detected. In a simpler embodiment, if the response time is below a delay 
threshold N out of M times, the verifier 126 is configured to conclude that the source must be 
local. These and other techniques for assessing physical proximity based on temporal proximity 
will be evident to one of ordinary skill in the art in view of this disclosure. 
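
The N-out-of-M rule described above, as an added example that is not part of the original application: sections are chosen at random, each read is timed, and the check stops as soon as the outcome is decided. The function names, the simulated clock, and the latency figures (5 to 15 ms for a local reader with an occasional 200 ms re-read, 80 to 200 ms for a source reached over a network) are constructed assumptions.

```python
import random
import time

def verify_local(source, num_sections, threshold_s, n_required, m_trials,
                 clock=time.perf_counter, rng=None):
    """N-out-of-M check: True if n_required of at most m_trials reads of
    randomly chosen sections each answer in under threshold_s seconds."""
    rng = rng or random.SystemRandom()      # unpredictable choice of section
    fast = 0
    for trial in range(1, m_trials + 1):
        section = rng.randrange(num_sections)
        start = clock()
        data = source(section)
        elapsed = clock() - start
        if data is not None and elapsed < threshold_s:
            fast += 1
        if fast >= n_required:
            return True                     # enough timely responses
        if fast + (m_trials - trial) < n_required:
            return False                    # N is no longer reachable
    return False

class SimClock:
    """Constructed stand-in for the timer, so the example runs offline."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

def simulated_source(clock, rng, lo_s, hi_s, spike_every=0, spike_s=0.0):
    """Constructed source: reads take lo_s..hi_s seconds, and every
    spike_every-th read takes spike_s longer (e.g. a re-read)."""
    reads = 0
    def read(section):
        nonlocal reads
        reads += 1
        delay = rng.uniform(lo_s, hi_s)
        if spike_every and reads % spike_every == 0:
            delay += spike_s
        clock.now += delay                  # advance simulated time
        return b"section-%d" % section
    return read

def demo(seed=7):
    clock, rng = SimClock(), random.Random(seed)
    check = dict(num_sections=1000, threshold_s=0.050, n_required=8,
                 m_trials=10, clock=clock, rng=rng)
    local = simulated_source(clock, rng, 0.005, 0.015, spike_every=5, spike_s=0.2)
    relay = simulated_source(clock, rng, 0.080, 0.200)  # extra network round trip
    return verify_local(local, **check), verify_local(relay, **check)
```

With N = 8 and M = 10, the local source passes despite one slow read in every five, while the relayed source fails after its third slow response because eight fast responses can no longer be reached.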

The principles of this invention are applicable to other applications as well. In an 
analogous application, for example, the renderer 122 and access device 132 may be challenge- 
response devices that are configured to exchange security keys, using for example, a smart card 
as the media 130. If an unauthorized user attempts to exchange keys by processing the 
challenge-responses via access to a system that is potentially able to overcome the security of the 
exchange, the timer 128 will be able to detect the abnormal lag between the challenge and 
response, and terminate the key-exchange. In like manner, if a system expects all accesses to be 
from terminals that are in a common physically secured area, the timer 128 will be able to detect 
abnormal lags if the system becomes a target of a remote access "hacker" or other attempted 
accesses from outside the physically secured area. 

Preferably, the verifier 126 is configured to request random source information. In the 
example of a CD media 130, the verifier 126 is configured to request access to randomly 
selected sections on the media 130 until sufficient confidence is gained whether the source is 
local or remote. In other applications, the verifier 126 is configured to merely monitor, and time, 
transactions that routinely occur between a requesting device 122 and an access device 132, to 
detect abnormally long response times. In other applications, the verifier 126 may merely control 
the order of occurrence of routine data access requests. For example, when reading information 
from a user's identification device, the verifier 126 may be configured to sometimes ask for the 
user's name first, identification number next, fingerprint next, and so on; at a next session, the 
verifier 126 may ask for the identification number first, a voiceprint next, and so on, thereby 
preventing a pre-recorded sequence of responses. Similarly, in an application intended to prevent 
the downloading of data from a remote site, the verifier 126 in the example of FIG. 1 may 
merely request portions of the requested data in a different order sequence, to determine whether 
the requested data is local or remote. In like manner, to prevent the unauthorized download of 
information from a network, the verifier and timer may be placed at the remote site, and 
configured to measure the transport time of the data. For example, in a conventional network 
having error-detection capabilities, the verifier may be configured to purposely transmit 
erroneous data, or an erroneous sequence of data, and measure the time duration until a request- 
for-retransmission occurs. If the receiving site is local, the request-for-retransmission should 
occur substantially quicker than if the receiving site is remote. In this example, the erroneous 
transmission constitutes a "request" for a "response" from the receiving system. These and other 
timing schemes will be evident to one of ordinary skill in the art. 

The foregoing merely illustrates the principles of the invention. It will thus be 
appreciated that those skilled in the art will be able to devise various arrangements which, 
although not explicitly described or shown herein, embody the principles of the invention and 
are thus within its spirit and scope. For example, although the invention is presented in the 
context of detecting responses that are abnormally slow, the principles of the invention can also 
be applied for detecting responses that are abnormally fast. For example, if a system is 
configured to read information from a magnetic strip on a card, there is an expected lag 
associated with the swiping of the card. If the information is provided without this lag, for 
example, from a computer that is configured to bypass the magnetic strip reader, a security alert 
may be warranted. These and other system configuration and optimization features will be 
evident to one of ordinary skill in the art in view of this disclosure, and are included within the 
scope of the following claims. 